Administrator privilege philosophy (sudo vs. root)

If you are a Windows 9x or Me user, you are probably wondering what this article is about. If you have moved to Windows XP, you may have an idea. But I guess that when Windows user creation offered you the choice between “Limited Account” and “Administrative Account”, you selected the latter. Not only does the name “Limited Account” sound pejorative, but with one you cannot use many of your applications because of insufficient privileges (it is getting better, and if you are lucky enough to have the latest version of all your software, it might work). So you are using Windows with administrative privileges.

This is a bad idea, and not only because, during normal desktop use, you or one of your programs might fiddle with an important file and leave your system in an unstable state. It becomes tremendously bad when you get infected, as your whole system is then compromised (the malware has no need to find a privilege escalation flaw somewhere).

Linux/UNIX users are surely all laughing at this, because they all know that you should have a root account for administrative tasks and a user account (note that it is not a “limited” account in this philosophy) for all desktop use. However, there are two doctrines: the root doctrine and the sudo doctrine.

The root doctrine

Before sudo, most administrators were logged in as the root user. The real ones logged in in console mode only, so that a crash of the X server would not impact the system. Common users logged in as root with the X interface. All operations were then performed with administrative privileges, even ones like browsing a website to check how to perform an administrative task.

It is an easy way to configure your system, as you have all the rights. However, one small mistake or one wrong internet link, and your whole system could be affected or even compromised.

The sudo doctrine

Because of this problem, sudo appeared. The aim was to use administrative privileges only for a short period of time, and only when required. In addition, the user would not have to log in to another account. This obviously enhances the safety of the system.
The drawbacks of sudo are: you have to decide which commands you allow via sudo; you need to write ‘sudo’ before each command requiring administrative privileges; and you need to re-type your password now and then.

Ubuntu idea

Ubuntu chose to enhance the safety of your system and therefore follows the ‘sudo’ way. The root user is disabled: there is no need for it, and above all no risk that a user logs in via the X interface as root. In addition, authorised users are allowed to launch every command with sudo.

The cool thing is that power users can still access the root account. They only need to open a console and type ‘sudo -s’. They then have root access and can perform whatever they want, while their favourite browser, launched from the X interface, still runs with normal user privileges. However, this requires those power users to be able to handle all administrative tasks via the console.

For normal users, all administrative interfaces (HMI) are accessible via the Ubuntu Desktop menus and are already ‘sudo’ compliant. When you launch one, you enter a password and get access to the system configuration for that particular task.

This set-up is interesting as it maximises the safety of the system without losing functionality (from either the normal user’s or the power user’s point of view).

sudo usage in console or X environment

In a console environment, to launch a command with administrative privileges, you simply type ‘sudo ’ (without the single quotes) before your command. It might prompt you for your password; simply enter it and press the ‘Enter’ key. After this you will be able to use sudo without entering a password for a short period of time.

If the command uses a graphical environment, it is better, and recommended, to put ‘gksudo ’ or ‘kdesu ’ (for the GNOME or KDE desktop respectively) before your command instead.
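
The “which commands do you allow” drawback, the Ubuntu choice of allowing every command, and the password grace period all come down to a few lines of the sudoers file. The fragment below is an added example, not taken from this article or from Ubuntu's shipped configuration; the group name ‘admin’, the user ‘alice’, the command paths and the timeout value are assumptions chosen for illustration.

```sudoers
# Constructed example. Edit sudoers only through `visudo`, which checks the
# syntax before saving; a broken file can lock you out of sudo.

# Blanket grant (the approach described under "Ubuntu idea"): every member
# of the group may run any command as any user, after typing their own
# password. The group name varies by release; "admin" is assumed here.
%admin  ALL=(ALL) ALL

# Narrower grant: the hypothetical user "alice" may run only these two
# package commands, as root, with exactly these arguments.
# Note: if alice is also in the admin group, the blanket rule above
# still gives her everything, so the two rules are alternatives.
Cmnd_Alias PKG = /usr/bin/apt-get update, /usr/bin/apt-get upgrade
alice   ALL=(root) PKG

# How long (in minutes) a successful password entry is remembered before
# sudo prompts again. 0 makes sudo ask every time. Value assumed.
Defaults timestamp_timeout=5
```

Running ‘sudo -l’ shows which commands the current user is allowed, and ‘sudo -k’ discards the remembered password so that the next sudo call prompts again.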